It is terribly difficult to build secure software and to keep it secure. So we have to take into account that there will always be security vulnerabilities in software. Criminals will do what they can to exploit these security vulnerabilities. It is actually an ongoing race (a rat race) between the criminals and the security experts to keep our digital working environment safe. The end users (you) are an important link in this process.

As soon as a security vulnerability is found, the supplier will come up with a solution for that vulnerability and publish a security update or ‘patch’, with which users can fix the problem. We can only remain safe if we apply these patches before the criminals become aware of the vulnerability and find a way to abuse it. This is relevant not only for Windows or Mac operating systems, but also for the programs that run on them.

It is therefore important to install these security updates as soon as possible:

  • Set up your computer or mobile device and all of your software in such a way that security updates are downloaded and installed automatically.
  • If possible, turn on your devices once a week so that those patches can be installed.
  • On your work computer, patches are often installed through the university network. Make sure you connect your laptop to the UM network at least once a week using an ethernet cable or Wi-Fi.
  • Do you mainly work from home? Then connect to the UM network through VPN once a week to get the patches.

Have you received a warning that a security update has failed? Report this to your local ICT support officer or the ICT Service Centre.

No time to waste!

Cartoon: Ruben L. Oppenheimer

For some people, Wi-Fi access is almost as important as the air they breathe. But by using Wi-Fi you can become infected with a computer virus or be hacked by cyber criminals without knowing it. Open Wi-Fi hotspots in public places such as burger restaurants or hotels can be used without a password and the traffic is therefore not encrypted. Criminals can then eavesdrop on your messages and retrieve your password, for example. So only use Wi-Fi hotspots that require a password. But even then, vigilance is required! Criminals can easily set up a fake Wi-Fi hotspot, for example near your local pub, with the same Wi-Fi name and password. After all, that password is on a sign at the pub.

Here are some tips for using Wi-Fi safely:

  • It is preferable to use Wi-Fi for which you have your own password, which is not known to strangers.
  • Eduroam, which uses your own personal password, is available in many places in the Netherlands and abroad. That is safe.
  • In other cases, use your smartphone as a Wi-Fi hotspot on a 4G connection.
  • Can’t access a trusted Wi-Fi network? Or is your mobile device giving a warning? Then be vigilant and check whether your connection is safe: the hotspot you’re using may be fake.
  • Don’t send sensitive data over unknown, unencrypted networks. At the very least, visit websites using https:// and use VPN to access the university network. This provides additional encryption that criminals cannot easily break.

Hotspots? Forget it!

Cartoon: Ruben L. Oppenheimer

Disconnect your computer from the network, but don't turn it off!

There’s no such thing as 100% safe. It’s a pity, but it’s also reality. No matter how good you are at following all the security advice, and no matter how careful you are when opening emails and files, there is always a chance that your workstation will fall into the hands of cybercriminals due to an unknown virus, a security vulnerability in the software, or even a moment of carelessness.

Usually, you will notice that something suspicious is going on with your computer. A warning might pop up on your screen, suspicious emails could suddenly be sent in your name, your computer might become very slow, the cursor of your mouse may make strange movements or the light of your camera could turn on. If you notice something like this, take action.

  • Disconnect the network cable from the computer and disconnect the Wi-Fi connection.
  • Do not turn off your computer. That way, computer experts can still secure traces left by the criminals.
  • If possible, take a picture of your screen with your mobile phone or tablet.
  • Try to remember exactly what happened—what you were doing, what actions you took—just before you noticed the strange behaviour.
  • Report the incident in as much detail as possible to the ICT Service Centre.

And remember: You may be a victim of criminals; it’s just bad luck and there’s no shame in it.

By disclosing it and taking the right actions, you can help us all to fight those criminals.

Report ASAP!

Cartoon: Ruben L. Oppenheimer

If you give your password to someone else, for example so they can look at something, you’re usually giving away more than you realise at that moment. Giving access to your mailbox or calendar this way also means giving access to your salary slip or the rights to perform other actions in UM systems. If problems arise, you don’t want to suspect your colleague. You can prevent this type of situation by taking responsibility and keeping your password to yourself.

Would you still like to share information with others? Here are some tips:

  • You can share your calendar with colleagues via so-called delegation rights (you can give those rights yourself).
  • For your mailbox, you can request that others be given access if that is really necessary.
  • For shared files, request a separate directory on the J:, L: or P: drive where your colleague can log in with their own password.
  • Files can be shared securely with others, also outside UM, using tools such as SURFdrive and SURFfilesender.
  • Ask your local ICT support officer or the Servicedesk ICTS for advice.

Stinginess is a virtue!

Cartoon: Ruben L. Oppenheimer

When you read ‘500,000 Zoom accounts hacked’ in the media, it doesn’t necessarily mean that Zoom was as leaky as a sieve. Criminals simply took a database that was available on the internet with billions of email addresses and passwords and tried it out on the Zoom servers. It turned out that 500,000 users used the same password on Zoom as they did on another website that had been hacked. That is why it is important to choose a different, unique and strong password for each website. And you should set a new password on a regular basis, such as once a year.

Here are some tips:

  • Keep work and private life separate. Never use your UM email address as a username for private use of websites; use a private email address instead.
  • Think of a mnemonic device, a memory aid, with which you can come up with strong passwords for every new website.
  • Forgot your password? That’s no problem with most websites. Just request a reset using your private email address.
  • Too many passwords to remember? Use a password manager. You can view trusted information in Dutch here or search for more information in English, for instance, here.
  • Check if your password has been hacked on Have I Been Pwned and reset your password on all other websites where you still use that same password.

Use your imagination!

Cartoon: Ruben L. Oppenheimer

Thanks to laptops and mobile devices such as smartphones and tablets, we can access our data anytime, anywhere. But is that always safe and secure? Even if you don't keep your documents on your mobile device, it will still be full of sensitive information. Just think of all the user names and passwords you may have stored on it so you don't need to log in all the time. Your device has become the key to your (work) data.

Besides, a mobile device can easily be lost and it often gets stolen, no matter how much you try to keep an eye on it.

So, don't take any risks when it comes to sensitive work-related or personal data!

  • Encrypt your devices: read the manual or ask for help if necessary.
  • Secure your device with a (long) unique PIN code or, even better, with your fingerprint or facial recognition.
  • If a USB stick or drive is not encrypted by default, make sure to encrypt the files you save. This can be done in any Microsoft Office programme or by wrapping them in a secure zip file.

Think like a criminal!

Cartoon: Ruben L. Oppenheimer
